ynerant
/
nk20
mirror of https://gitlab.crans.org/bde/nk20
1
0
Fork 0
Code Issues Releases Wiki Activity

Permissions for activities must be more specific to prevent that anyone can validate its own activity

This commit is contained in:
Yohann D'ANELLO 2020-08-15 22:24:48 +02:00
parent 5f8c4a2857
commit 5abbb84254
1 changed files with 146 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

166
apps/permission/fixtures/initial.json
View File

@ -551,22 +551,6 @@
"description": "Voir toutes les activités valides"
}
},
{
"model": "permission.permission",
"pk": 35,
"fields": {
"model": [
"activity",
"activity"
],
"query": "[\"AND\", {\"valid\": false}, {\"creater\": [\"user\"]}]",
"type": "change",
"mask": 1,
"field": "",
"permanent": false,
"description": "Modifier les activités non validées dont on est l'auteur"
}
},
{
"model": "permission.permission",
"pk": 36,
@ -2375,6 +2359,134 @@
"description": "Supprimer une facture"
}
},
{
"model": "permission.permission",
"pk": 152,
"fields": {
"model": [
"activity",
"activity"
],
"query": "[\"AND\", {\"valid\": false}, {\"creater\": [\"user\"]}]",
"type": "change",
"mask": 1,
"field": "name",
"permanent": false,
"description": "Modifier le nom d'une activité non validée dont on est l'auteur"
}
},
{
"model": "permission.permission",
"pk": 153,
"fields": {
"model": [
"activity",
"activity"
],
"query": "[\"AND\", {\"valid\": false}, {\"creater\": [\"user\"]}]",
"type": "change",
"mask": 1,
"field": "description",
"permanent": false,
"description": "Modifier la description d'une activité non validée dont on est l'auteur"
}
},
{
"model": "permission.permission",
"pk": 154,
"fields": {
"model": [
"activity",
"activity"
],
"query": "[\"AND\", {\"valid\": false}, {\"creater\": [\"user\"]}]",
"type": "change",
"mask": 1,
"field": "location",
"permanent": false,
"description": "Modifier le lieu d'une activité non validée dont on est l'auteur"
}
},
{
"model": "permission.permission",
"pk": 155,
"fields": {
"model": [
"activity",
"activity"
],
"query": "[\"AND\", {\"valid\": false}, {\"creater\": [\"user\"]}]",
"type": "change",
"mask": 1,
"field": "activity_type",
"permanent": false,
"description": "Modifier le type d'une activité non validée dont on est l'auteur"
}
},
{
"model": "permission.permission",
"pk": 156,
"fields": {
"model": [
"activity",
"activity"
],
"query": "[\"AND\", {\"valid\": false}, {\"creater\": [\"user\"]}]",
"type": "organizer",
"mask": 1,
"field": "name",
"permanent": false,
"description": "Modifier l'organisateur d'une activité non validée dont on est l'auteur"
}
},
{
"model": "permission.permission",
"pk": 157,
"fields": {
"model": [
"activity",
"activity"
],
"query": "[\"AND\", {\"valid\": false}, {\"creater\": [\"user\"]}]",
"type": "change",
"mask": 1,
"field": "attendees_club",
"permanent": false,
"description": "Modifier le club attendu d'une activité non validée dont on est l'auteur"
}
},
{
"model": "permission.permission",
"pk": 158,
"fields": {
"model": [
"activity",
"activity"
],
"query": "[\"AND\", {\"valid\": false}, {\"creater\": [\"user\"]}]",
"type": "change",
"mask": 1,
"field": "date_start",
"permanent": false,
"description": "Modifier la date de début d'une activité non validée dont on est l'auteur"
}
},
{
"model": "permission.permission",
"pk": 159,
"fields": {
"model": [
"activity",
"activity"
],
"query": "[\"AND\", {\"valid\": false}, {\"creater\": [\"user\"]}]",
"type": "change",
"mask": 1,
"field": "date_end",
"permanent": false,
"description": "Modifier la date de fin d'une activité non validée dont on est l'auteur"
}
},
{
"model": "permission.role",
"pk": 1,
@ -2409,7 +2521,6 @@
"name": "Adh\u00e9rent Kfet",
"permissions": [
34,
35,
36,
6,
39,
@ -2431,7 +2542,15 @@
101,
108,
109,
144
144,
152,
153,
154,
155,
156,
157,
158,
159
]
}
},
@ -2600,7 +2719,6 @@
32,
33,
34,
35,
36,
37,
38,
@ -2713,7 +2831,15 @@
148,
149,
150,
151
151,
152,
153,
154,
155,
156,
157,
158,
159
]
}
},